Add restrict group to some APIs
This commit is contained in:
parent
c07a3889e6
commit
e2cf8c696a
4 changed files with 16 additions and 16 deletions
@ -1759,7 +1759,7 @@ App::post('/v1/account/tokens/phone')
App::post('/v1/account/sessions/anonymous')
|
App::post('/v1/account/sessions/anonymous')
|
||||||
->desc('Create anonymous session')
|
->desc('Create anonymous session')
|
||||||
->groups(['api', 'account', 'auth', 'session'])
|
->groups(['api', 'account', 'auth', 'session', 'restrict'])
|
||||||
->label('event', 'users.[userId].sessions.[sessionId].create')
|
->label('event', 'users.[userId].sessions.[sessionId].create')
|
||||||
->label('scope', 'sessions.write')
|
->label('scope', 'sessions.write')
|
||||||
->label('auth.type', 'anonymous')
|
->label('auth.type', 'anonymous')
@ -3354,7 +3354,7 @@ App::post('/v1/account/verification/phone')
App::put('/v1/account/verification/phone')
|
App::put('/v1/account/verification/phone')
|
||||||
->desc('Create phone verification (confirmation)')
|
->desc('Create phone verification (confirmation)')
|
||||||
->groups(['api', 'account'])
|
->groups(['api', 'account', 'restrict'])
|
||||||
->label('scope', 'public')
|
->label('scope', 'public')
|
||||||
->label('event', 'users.[userId].verification.[tokenId].update')
|
->label('event', 'users.[userId].verification.[tokenId].update')
|
||||||
->label('audits.event', 'verification.update')
|
->label('audits.event', 'verification.update')
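Review bot: The `'restrict'` group is added as a bare string literal to twelve `->groups([...])` lines across this commit (both hunks here, and the teams.php and users.php sections), with nothing in the route files tying the name to the consumer; if the hook that acts on the group is the `App::init()` closure in the last section, as the commit title suggests, then a misspelt or forgotten entry on any one route silently leaves that route outside the country check, because membership is opt-in per route. Declaring the name once where the other route groups live, e.g. `const GROUP_RESTRICT = 'restrict';` (constructed name), and referencing that constant on each route would make the omission a static-analysis finding instead of a runtime gap. A one-line comment on the first tagged route stating what the group does, such as `// 'restrict': subject to the _APP_RESTRICTED_COUNTRIES check in App::init()`, would also tell the next maintainer when a new route should carry it. The route definitions continue past each hunk, so the action bodies are not visible here.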
@ -42,7 +42,7 @@ use Utopia\Validator\Text;
App::post('/v1/teams')
|
App::post('/v1/teams')
|
||||||
->desc('Create team')
|
->desc('Create team')
|
||||||
->groups(['api', 'teams'])
|
->groups(['api', 'teams', 'restrict'])
|
||||||
->label('event', 'teams.[teamId].create')
|
->label('event', 'teams.[teamId].create')
|
||||||
->label('scope', 'teams.write')
|
->label('scope', 'teams.write')
|
||||||
->label('audits.event', 'team.create')
|
->label('audits.event', 'team.create')
@ -358,7 +358,7 @@ App::delete('/v1/teams/:teamId')
App::post('/v1/teams/:teamId/memberships')
|
App::post('/v1/teams/:teamId/memberships')
|
||||||
->desc('Create team membership')
|
->desc('Create team membership')
|
||||||
->groups(['api', 'teams', 'auth'])
|
->groups(['api', 'teams', 'auth', 'restrict'])
|
||||||
->label('event', 'teams.[teamId].memberships.[membershipId].create')
|
->label('event', 'teams.[teamId].memberships.[membershipId].create')
|
||||||
->label('scope', 'teams.write')
|
->label('scope', 'teams.write')
|
||||||
->label('auth.type', 'invites')
|
->label('auth.type', 'invites')
@ -148,7 +148,7 @@ function createUser(string $hash, mixed $hashOptions, string $userId, ?string $e
App::post('/v1/users')
|
App::post('/v1/users')
|
||||||
->desc('Create user')
|
->desc('Create user')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('event', 'users.[userId].create')
|
->label('event', 'users.[userId].create')
|
||||||
->label('scope', 'users.write')
|
->label('scope', 'users.write')
|
||||||
->label('audits.event', 'user.create')
|
->label('audits.event', 'user.create')
@ -180,7 +180,7 @@ App::post('/v1/users')
App::post('/v1/users/bcrypt')
|
App::post('/v1/users/bcrypt')
|
||||||
->desc('Create user with bcrypt password')
|
->desc('Create user with bcrypt password')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('event', 'users.[userId].create')
|
->label('event', 'users.[userId].create')
|
||||||
->label('scope', 'users.write')
|
->label('scope', 'users.write')
|
||||||
->label('audits.event', 'user.create')
|
->label('audits.event', 'user.create')
@ -211,7 +211,7 @@ App::post('/v1/users/bcrypt')
App::post('/v1/users/md5')
|
App::post('/v1/users/md5')
|
||||||
->desc('Create user with MD5 password')
|
->desc('Create user with MD5 password')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('event', 'users.[userId].create')
|
->label('event', 'users.[userId].create')
|
||||||
->label('scope', 'users.write')
|
->label('scope', 'users.write')
|
||||||
->label('audits.event', 'user.create')
|
->label('audits.event', 'user.create')
@ -242,7 +242,7 @@ App::post('/v1/users/md5')
App::post('/v1/users/argon2')
|
App::post('/v1/users/argon2')
|
||||||
->desc('Create user with Argon2 password')
|
->desc('Create user with Argon2 password')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('event', 'users.[userId].create')
|
->label('event', 'users.[userId].create')
|
||||||
->label('scope', 'users.write')
|
->label('scope', 'users.write')
|
||||||
->label('audits.event', 'user.create')
|
->label('audits.event', 'user.create')
@ -273,7 +273,7 @@ App::post('/v1/users/argon2')
App::post('/v1/users/sha')
|
App::post('/v1/users/sha')
|
||||||
->desc('Create user with SHA password')
|
->desc('Create user with SHA password')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('event', 'users.[userId].create')
|
->label('event', 'users.[userId].create')
|
||||||
->label('scope', 'users.write')
|
->label('scope', 'users.write')
|
||||||
->label('audits.event', 'user.create')
|
->label('audits.event', 'user.create')
@ -311,7 +311,7 @@ App::post('/v1/users/sha')
App::post('/v1/users/phpass')
|
App::post('/v1/users/phpass')
|
||||||
->desc('Create user with PHPass password')
|
->desc('Create user with PHPass password')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('event', 'users.[userId].create')
|
->label('event', 'users.[userId].create')
|
||||||
->label('scope', 'users.write')
|
->label('scope', 'users.write')
|
||||||
->label('audits.event', 'user.create')
|
->label('audits.event', 'user.create')
@ -342,7 +342,7 @@ App::post('/v1/users/phpass')
App::post('/v1/users/scrypt')
|
App::post('/v1/users/scrypt')
|
||||||
->desc('Create user with Scrypt password')
|
->desc('Create user with Scrypt password')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('event', 'users.[userId].create')
|
->label('event', 'users.[userId].create')
|
||||||
->label('scope', 'users.write')
|
->label('scope', 'users.write')
|
||||||
->label('audits.event', 'user.create')
|
->label('audits.event', 'user.create')
@ -386,7 +386,7 @@ App::post('/v1/users/scrypt')
App::post('/v1/users/scrypt-modified')
|
App::post('/v1/users/scrypt-modified')
|
||||||
->desc('Create user with Scrypt modified password')
|
->desc('Create user with Scrypt modified password')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('event', 'users.[userId].create')
|
->label('event', 'users.[userId].create')
|
||||||
->label('scope', 'users.write')
|
->label('scope', 'users.write')
|
||||||
->label('audits.event', 'user.create')
|
->label('audits.event', 'user.create')
@ -420,7 +420,7 @@ App::post('/v1/users/scrypt-modified')
App::post('/v1/users/:userId/targets')
|
App::post('/v1/users/:userId/targets')
|
||||||
->desc('Create User Target')
|
->desc('Create User Target')
|
||||||
->groups(['api', 'users'])
|
->groups(['api', 'users', 'restrict'])
|
||||||
->label('audits.event', 'target.create')
|
->label('audits.event', 'target.create')
|
||||||
->label('audits.resource', 'target/response.$id')
|
->label('audits.resource', 'target/response.$id')
|
||||||
->label('event', 'users.[userId].targets.[targetId].create')
|
->label('event', 'users.[userId].targets.[targetId].create')
@ -601,11 +601,11 @@ App::init()
->action(function (Request $request, Reader $geodb) {
|
->action(function (Request $request, Reader $geodb) {
|
||||||
if (!empty(app::getEnv('_APP_RESTRICTED_COUNTRIES', ''))) {
|
if (!empty(app::getEnv('_APP_RESTRICTED_COUNTRIES', ''))) {
|
||||||
$countries = explode(',', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''));
|
$countries = explode(',', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''));
|
||||||
// $record = $geodb->get($request->getIP());
|
$record = $geodb->get($request->getHeader('x-forwarded-for'));
|
||||||
$record = $geodb->get('167.220.238.180');
|
|
||||||
$country = $record['country']['iso_code'];
|
$country = $record['country']['iso_code'];
|
||||||
|
$countryName = $record['country']['names']['en'];
|
||||||
if (in_array($country, $countries)) {
|
if (in_array($country, $countries)) {
|
||||||
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Access from $country is restricted");
|
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Sorry, access from $countryName is restricted");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
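Review bot: The lookup on the new `$record = $geodb->get($request->getHeader('x-forwarded-for'));` line keys the country restriction on a client-supplied request header, so any caller can set, omit or alter that header to choose which country the check sees, and the header may also carry a comma-separated proxy chain rather than the single address the reader expects. The commented-out line this replaces shows the request object already exposes `$request->getIP()`, which is the source this check should use (presumably it applies the deployment's trusted-proxy handling — confirm), i.e. `$record = $geodb->get($request->getIP());`. Separately, `$record` can be null for an address the database does not know (private or loopback addresses in local runs), and then both `$record['country']['iso_code']` and the new `$record['country']['names']['en']` read offsets on null; `$country = $record['country']['iso_code'] ?? null;` with the `in_array` skipped when `$country` is null keeps the hook from warning on every such request, and `in_array($country, $countries, true)` avoids loose comparison against the exploded list. The `App::init()` chain this closure belongs to starts before the hunk, so the route group it is registered for is not visible here.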